A good password should be as random as possible. This is far from random. You get all sorts of hints from the public information about the global music market and the password data is based on publicly available audio data. In addition, if you know your victim, you can even make more correct guesses as to what songs that person chose.
Exactly. All someone would have to do is look at my last.fm profile to get a pretty good idea of the stuff I listen to. Or, barring that, see what CDs I've got lying around my house. Even just paying attention to what radio station somebody typically listens to would give you a pretty good hint.
The problem is people DON'T use secure passwords at all. Not even geeks have the discipline to use good passwords for anything but servers.
That's largely true... But I fail to see how picking a song is really going to help much. Instead of remembering your password is "p@ssw0rd" you now remember that your password is "Head Like a Hole, by Nine Inch Nails" How is that any harder to guess? How is that any harder for someone else to discover? How is that any easier to remember?
The idea with mp3s is, I think, that instead of typing in a password you point to an mp3 on your USB key. Now since practically no two mp3s are exactly the same it'd be very difficult for an attacker to first know what song you used and second to have the exact same (bitwise) version of the song. This is probably as safe as you can get without SSL certificates.
If that's the case, why use an MP3 at all? You're basically changing the security from something you know (Head Like a Hole, by Nine Inch Nails) to something you have (this specific file with a unique checksum/hash/whatever). Sounds an awful lot like what people have been doing with smartcards for years now.
Rather than generate some kind of hash from an existing file just store some ginormous string or certificate or something on the USB key.
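The trade-off in the exchange above, as an added example that is not part of the original comments: a key file only authenticates on a bit-exact match, but a secret taken from a publicly distributed file is only as unpredictable as the pool of files it could have come from, while a key generated at random has full entropy. The file bytes, the pool size of 2**20 and all function names are constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets

PBKDF2_ROUNDS = 100_000  # illustrative work factor, not a recommendation from the page


def enroll_keyfile(data: bytes, salt: bytes) -> bytes:
    """What the verifier stores: a salted, slow hash of the key file's bytes."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def verify_keyfile(data: bytes, salt: bytes, record: bytes) -> bool:
    """Accept only a bit-exact copy of the enrolled file (constant-time compare)."""
    candidate = hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record)


def guess_space_bits(candidates: int) -> float:
    """Entropy, in bits, of a secret chosen uniformly from `candidates` values."""
    return math.log2(candidates)


def new_random_key(nbytes: int = 32) -> bytes:
    """The alternative from the comment: store a random string on the USB key."""
    return secrets.token_bytes(nbytes)


def demo() -> dict:
    salt = secrets.token_bytes(16)

    # Constructed stand-in for an MP3 file; any byte string behaves the same way.
    original = b"ID3" + bytes(range(256)) * 64

    # A second rip or re-encode of the same song: here it differs by a single bit.
    other_rip = bytearray(original)
    other_rip[-1] ^= 0x01

    record = enroll_keyfile(original, salt)

    return {
        # The exact file authenticates.
        "exact_copy_accepted": verify_keyfile(original, salt, record),
        # Knowing the song title is not enough; a different encoding fails.
        "one_bit_off_accepted": verify_keyfile(bytes(other_rip), salt, record),
        # If the file is one of roughly a million publicly distributed files
        # (constructed figure), the secret carries about 20 bits.
        "public_file_bits": guess_space_bits(2 ** 20),
        # A freshly generated 32-byte key carries 256 bits.
        "random_key_bits": len(new_random_key()) * 8,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash of a file adds no entropy of its own: the digest is exactly as guessable as the file, which is why a randomly generated key on the same USB key is the stronger "something you have".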
The critical flaw of cloud computing is that you entrust your data to a third party. If you are at all concerned with privacy you will think cloud computing is a terrible idea.
Or you'll just make sure your data is encrypted before sending it out to the 3rd party for storage... Just like, if you're really concerned with privacy, you'll be encrypting the data locally as well.
Now, of course, for a cloud system where you're using someone else's CPU cycles that may not work... You might not be able to keep the data encrypted... But that's not what we're talking about here. We're talking about simple file storage. And there's absolutely no reason why you can't encrypt the files yourself and then store them wherever you like.
However, it was protected by two levels of passwords.
So... what does that actually mean? I know that TFA is a media fluffed version washed for the general masses, but they could've mentioned that part at least. If one was the NT login, were the admins smart enough to disable the LM Hash? Still, booting it with a *NIX CD and blanking the SAM password for administrator is trivial. What could the second be? A BIOS password? Open it and pull the battery. Big deal.
Is there something I'm missing about this? Is there a (whopping!) two-password scheme that could actually make something more secure than just booting it with something else and pulling data off?
If the data is not actually encrypted, all the passwords in the world won't save you.
If you can get your hands on the HDD for a couple hours you can make an image of it. Then you can return the original HDD and work on the image at your leisure. You can blank the SAM, or try to brute-force the password, or just boot off a different drive and copy the data. Without encryption backing it up a password is nothing more than a polite request...not an actual barrier.
These folks have no idea if the information was compromised or not.
What was that info doing on a laptop? That in itself is very suspicious. Nobody should have a full list of the "approved people" outside of a database where each access is logged.
This is really what surprised me the most in this entire story. What the hell is that kind of information doing on a laptop at all? That information should be stored in a central database, with craptons of logging going on, only accessible through secured VPNs. There is absolutely no reason that any machine should have a local copy of it.
Thou wilt be charged what thou art willing to pay for it.
That's not quite true of course. Anyone who had the choice of paying $1 or $100 dollars for the exact same product would pay the lower price.
What you're willing to pay, not what you choose to pay. Sure, if I had a choice I'd pay $1 for my software... But they don't give me that choice. They set the price. And if I'm willing to pay it, I will. And if I'm not willing to pay it, I won't. And if enough people out there aren't willing to pay the price it'll be dropped.
Obviously folks overseas are willing to pay the higher prices. If they weren't, the software wouldn't be selling.
But we are not allowed to buy software from Russia at 1/10th of the cost.
Actually... Barring language differences and DRM, you are allowed to buy what you want, where you want. That's why there's such a booming business importing games and movies, and the associated modchips that let you play them on various consoles. Of course the issue there isn't so much price as it is simply getting your hands on a game or movie that isn't available... But it is done.
XP SP3 does NOT include IE7, Microsoft deliberately kept it as a separate installation so that people wouldn't be discouraged installing the service pack in case it broke the very web apps you mention. In this tiny, small instance, Microsoft's lack of web standards has bit them in the arse.
Really... I was under the impression that SP3 included IE.
Regardless, I still don't think we're ready to start rolling out SP3 for our clients... But it's good to know that we won't be stuck with IE7 when the time comes.
What about your browsers that are provided by your IT department of your company?
I work in a pretty large company and our IT dept. have disabled auto-updates from XP, Firefox and so on. Then they push updates to users when needed.
Above works fine in my company, but what about those companies with similar policies and non-existing or incompetent IT department? Browsing tubes all day long with old versions.
This is, unfortunately, the case with some of our clients.
We do outsourced IT for a number of companies in the area. We try to provide some very solid support, but ultimately we can only do what they're willing to pay us for. And they frequently won't call unless something is genuinely broken.
We usually disable Automatic Updates of all kinds - it cuts down on the number of panicked "OMG MY SOFTWARE WON'T RUN" calls we get. But some of these folks won't call us for a while... And when we point out that they're running old software and ought to update they'll ignore us... So we've got folks who aren't even running SP1 yet on their XP/2003 machines. And there isn't really a whole lot we can do if they aren't willing to pay us.
Please, for the love of all that's holy, upgrade to IE7.
Once IE6 installations get down below a certain point, we won't have to spend crazy amounts of time rewriting web pages so they *also* work in IE6.
Maybe you could talk to some of the folks who're still releasing software that only works in IE6.
I understand the desire to get rid of IE6... I understand that IE7 is more standards-compliant and doesn't require as much work to design for... And I'd love to see everyone move to something more standards-compliant, so people wouldn't have to come up with so many hacks and workarounds to make a page display the way it should...
But right now I'm supporting a number of clients who run business-critical software that ties into their browser in some way, and they can't upgrade to IE7 because it'll break their software.
And not only does that mean that they can't upgrade to IE7... But they also can't install SP3 on their XP machines, or install any machines running Vista. Now, I'm not sure that I trust SP3 yet... And I certainly don't want to be rolling out Vista anywhere I don't have to... But these software vendors are really limiting a lot more than just the choice of browsers.
I wonder how many of those are IE6, which a lot of people use because they CAN'T upgrade to IE7.
More and more of the software that our clients run is being delivered to them through a web browser. Some of it is actually a web page out on the Internet that they connect to... Some of it is a page on their intranet... Some of it just uses the browser to kick off some kind of Java application... Some of it simply uses components of the browser to draw the GUI... But a lot of it does not work with anything other than IE6.
I really thought that most of it would be running ok on IE7 by now... Especially now that XP SP3 includes it, as does Vista... But a lot of it still doesn't work right. Some of these companies were nice enough to send out warnings not to install IE7... Some of them let us discover the problem on our own...
But the end result is that many of our clients are still running IE6.
Why does this crap keep getting modded 'Insightful'? Presumably it's by fellow armchair economists who agree that the atomic composition of the Earth responds to supply and demand. Retards.
It's certainly true that these metals are not going to spontaneously appear just because they're expensive. There is a finite amount of copper in the world. Economics will not magically produce more. But economics will spur people to make more copper available.
The more you can sell copper for, the more money you can put in to getting the copper in the first place. Mines that didn't produce pure enough ore to be profitable at $10/pound do just fine at $100/pound. People start recycling. Alternatives are found.
In the GP's example, if additional sources of copper had not been found AT&T could have replaced all their copper with fiber and possibly even made money on the switchover.
Just as these elements are not going to magically appear because people want them, they also are not magically disappearing. We aren't transmuting them into gold. We aren't even shooting much of it into space. It's still here, on Earth, available for use.
At the moment it is apparently cheaper to mine new metals than it is to recover the old ones. As economics change, we'll start recovering the old ones and mining in new places. We aren't actually going to run out of these metals unless we literally build so many gadgets that all the copper/hafnium/whatever is currently in use.
Or they could just grab any flavor of BSD, close it, build a Win32 subsystem on top of it and sell it as Windows 8.
This is really what I think needs to happen for Windows to remain a viable product. There is a reason why there are so many variations on Unix out there - it works. Look at the success that Apple had with bolting a pretty GUI on top of a Unix-y kernel. And WINE does a good job of implementing win32 already. If Microsoft wanted to they could very easily accomplish something similar to Apple's transition to OSX.
Honestly, myself, I think this is a fairly benign manner to approach the issue.
Under best-case-scenario circumstances, with everything working as intended - yes, it's a pretty benign way to do things. There's probably even some option to save your username and password so it doesn't prompt you. You'd just have a momentary pause while it phones home for authorization.
But what happens when things don't work right?
What if you want to play your single-player game on an airplane? Or a road trip somewhere? What if you're visiting relatives for the holidays and they have no Internet? What if your ISP craps out? What if your router dies? What if LGP's servers go down? What if you uninstall their game for a few months/years and then want to go back and play it again, but you don't remember your username and password?
There are plenty of scenarios where this fairly benign copy protection breaks down and renders the game that you legitimately paid for useless. Which makes the cracked version superior to the legitimate version - because it'll work pretty much anywhere.
And if you've got to crack the software in order to play it on an airplane, or at your parents' house, or when your ISP craps out, or whatever... You're already breaking the EULA/DMCA... Technically what you're doing is already illegal... So why not dive right in and pirate the thing from the start? In for a penny, in for a pound, right?
Of course it'd be better to support the developers... You want to pay them so they can go on to make more games in the future. But do you really want to support the decision to implement copy protection? Do you really want to hand them money so they can go cripple more software, so that you have to crack their next release too?
Maybe it'd send a clear message to the developers that folks don't like copy protection if they actually sold fewer copies than without the copy protection. The assumption, of course, is that they'll sell more - since it'll be harder to illegally copy the software. But if they actually sold less I wonder if anyone would get the hint? Or if they'd just use more invasive methods in the future...
I can't manage my own workload well let alone having the time to snoop around everyone else's crap.
Agreed.
I'm busy enough keeping our systems running and taking care of whatever issues our clients come up with. I don't have time to go snooping around for the fun of it.
intentionally accesses a computer without authorization or exceeds authorized access
Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme.
This, I think, is the crux of the problem. This is what many people don't understand... And we geeks are apparently doing a bad job of explaining.
If you have an unsecured access point anybody can connect to it with nearly-zero effort. Certain versions of Windows would connect automatically without even prompting you. Other versions warn that it might be unsafe to connect to an open access point, but say nothing about whether you actually have permission to use it or not.
If I'm sitting in my car in a parking lot, and turn on my laptop, I cannot tell the difference between an AP that was intentionally left unsecured for public use and one that was accidentally left unsecured because somebody didn't know what they were doing. They both show up as unsecured. Sure, I guess an SSID like "FreeInternet" or "PrivateNetwork" might be a hint... But entirely too many people - even those that intentionally set up a secure network - leave the SSID as "Netgear" or "Linksys".
What am I supposed to do...just start knocking on doors until I find out who owns the AP and ask if I can use it?
And what if two people both have unsecured Linksys APs with the SSID of "Linksys"...but one did it on purpose so others can get free Internet, and one just didn't know any better. And I get explicit, written permission from the first guy to connect to his AP. But I can't tell the difference between them because they're both called "Linksys" and I wind up connected to the wrong one?
This isn't a real-world situation where you can actually see physical boundaries, walls, doors, signs. This isn't a case of knowingly entering somebody else's house just because they didn't lock the front door.
This is more like a case of finding a nice little plot of green grass with a fountain in the middle of it... That looks just like the public park up the street... And has absolutely no signs indicating whether it is private property or not... And when you stop there to get a drink from the fountain some guy shows up and yells at you for trespassing and stealing his water.
It isn't that hard to secure your wireless these days. Just about any AP makes it trivially easy to pick a unique SSID and some kind of encryption. It'll only take a few minutes of your time. And if you can't be bothered to encrypt your network, you really can't expect any kind of privacy on it. Random strangers will connect to it.
Of course, actively bypassing encryption is a crime. That goes without saying. It doesn't really matter how broken WEP is or how easy it is to crack... If you're actually cracking it you're going beyond what you've been granted.
But if it's unencrypted... Everyone's been granted full access.
Yea Yea... Everything Microsoft does is evil and wrong. It is only good after some Open Source group makes a copy of it. While Open Office is close it is still not 100% there. Having 99% compatibility means 3 days a year where that is a problem. If one of those days is a doc from your boss that either looks great on your computer and not on his or good on his and bad on yours. Could cause the question on why you are using that free crap. It is not about better or worse it is about saying hey it doesn't work on mine and it doesn't work on yours something is wrong. And not having your boss install Windows on your PC overnight.
I've got to say... I've run into more than 3 days of issues a year working exclusively in Microsoft Office...
Lately there've been a good number of problems with compatibility between 2007 and everyone else... Not everyone has the compatibility pack installed on their machine and folks with 2007 keep forgetting to save as an older version. But that's just lately...
I've also had plenty of issues over the years with people running identical versions of Office. Maybe someone uses a weird font that nobody else has and it shows up weird on everyone else's computer. Or they'll save as HTML for some reason, but not include any of the pictures when they distribute it. Or maybe somebody's weird macro is blocked by somebody else's security settings. Or perhaps Office just decides to act weird one day for absolutely no good reason.
If I had to guess... I'd say I'm dealing with at least one Microsoft Office oddity a week, and that's not including all the 2007 fun we've been having lately.
He sounds like a lawyer who wants to tap more government funds to defend the government's enemies, to me. Just saying...
Problem is, we don't even know if they're the government's enemies.
Sure, some of them are. I guarantee you there's some people in Gitmo who did some absolutely horrible things and truly deserve to be there. And they deserve to rot away in prison or even face the death penalty if it is applicable.
But there are a lot of people being held in Gitmo under nothing more than suspicion. And until now they had no right to habeas corpus, which meant they could rot there for years and years with no recourse at all.
True, but there is a big difference from catching a German Speaking Nazi and holding him until the war is over, and catching someone who might or might not be a terrorist and you having to figure out if they are friend or foe.
Which means then that they should be treated even better than a German Speaking Nazi, because they might not even be an enemy combatant, right?
Or maybe you shouldn't say anything on VoIP that you don't want anyone else to hear.
A couple honest questions...
1) Why do I see so much about wiretapping/bugging VoIP lately? I guess I've always assumed that VoIP was just as vulnerable to bugging as POTS - maybe even more so. Was I wrong? Was VoIP previously un-buggable and this just recently changed? Or is it just because VoIP is the new, cool thing?
2) Why would anyone think that compressed VoIP would be any more or less secure than uncompressed? As we can see, there's still patterns to be found. Wouldn't it make more sense to encrypt the data if you were worried about privacy? And since it's IP traffic, shouldn't encrypting it be relatively easy? Wouldn't a decent VPN pretty much take care of it?
The best way is personal experience. Have a strongly held belief effectively challenged and have an epic fail. Then don't do what most of humanity does and use cognitive dissonance defenses to justify why you are still incredibly smart despite the fact you were in this regard a complete tool.
Agreed. Having something important to you fail spectacularly and blow up in your face - and then not simply rationalizing it away and actually realizing that things could have been done differently is a great way to develop some skepticism.
After a couple absolutely lousy server installs I've started questioning everything. And regardless of what the vendor/support people tell me, I prepare for the worst. As a result, I hardly ever run into unexpected issues and usually get things done in far less time than I've allotted.
I don't think you can really teach someone to be skeptical... Sure, you can tell them repeatedly to keep asking questions and doubt answers, but I don't think it really sinks in until you've had a solid personal experience.
These sort of concurrency issues are bad enough when they're bugs in your *own* code. When it's stuff in other apps producing what appears to be strange behaviour in your own (perfectly fine) code, that's a BIG problem.
This sort of issue wouldn't survive for a week on Linux. If you read the original story, which this one is an update to, then you'll see that there are no bugs - only features.
Apple intentionally disabled DTrace on some software.
You can actually take a look at Apple's DTrace source.
While I can't stand the kiddie pr0n, this simply won't work. It has been tried in the past in other countries and it always ends up getting legit websites along with the bad ones. But that is my 02c, YMMV
You've got probably three major problems with any kind of list like this...
1) Accidentally listed innocent sites. Some place like Whore Presents getting listed as pornography when it isn't.
2) Intentionally mis-listed sites. Somebody will claim that The Pirate Bay has child pornography on it (which it may) just to keep people from downloading cracked copies of Spore.
3) They're easy enough to bypass. There are plenty of free proxies out there that'll happily slap some advertising on your screen and then serve up whatever page your ISP doesn't want you to see. Or you could tunnel your traffic elsewhere to avoid the filter lists.
These blocklists will be enough to stop some people from accidentally stumbling upon child porn... Maybe stop some very casual attempts to intentionally view child porn... But nothing more. They won't actually put a dent in folks who are genuinely trafficking in real, illegal child pornography. They're already well aware of what they're doing, and that it's illegal, and they're already going to some effort to find the material. Making them use an additional proxy or VPN isn't going to accomplish a whole lot.
I am against any sort of control by government busy-bodies. Don't like it, go elsewhere, like Russia.
The problem is that without any sort of control by government busy-bodies companies will do whatever it takes to maximize their profits.
Without control by government busy-bodies you'd have companies using sawdust as filler in their sausages... Pressing chalk dust into tablets and calling it "aspirin"... Paying children $1/day to work in hazardous conditions... You get the idea.
And without control by government busy-bodies, as we're seeing now, companies will sell you 20 GB/month and call it "unlimited".
I stopped caring about LucasArts when they stopped making space combat simulators.
I miss space combat simulators... I really enjoyed the FreeSpace games, and X-Wing, Independence War, and Wing Commander...
Hmmm... Does anybody make space combat sims anymore? I can't think of any in recent history...
We're an "authorized Dell reseller" if that matters to you.
We, obviously, recommend Dell to pretty much all our clients. The failure rate for individual machines and components is about what I'd expect from any manufacturer.
Their technical support is generally OK for the business-grade stuff (like your GOLD support) and crap for home customers. But I won't rave about it. I've been on the phone with absolute morons entirely too many times.
I've had printer techs who couldn't take a printer apart. I've had server technicians who couldn't handle basic terminology. I had hours and hours of sitting on the phone with optiplex capacitor problems trying to convince them to just fricking replace the motherboard like they claimed they were doing on their website. This is fricking GOLD corporate support here! I'm glad they got nailed, they richly deserved it.
The problem is that Dell's on-site tech support is all outsourced to someone more local. We were, for a while, an authorized service center as well as reseller. We'd get the calls to go swap out somebody's motherboard or whatever. And I'll tell you right now that their testing/training does not qualify someone to actually work on their products. You really need the hands-on experience, which you don't get with their testing/training process.
We'd get sent out on calls to work on their printers because we were authorized and someone had taken the test... But we weren't given any special technical documentation. So we had no better idea where the parts were located inside any given printer than the end-user did.
Eventually it got too frustrating and we stopped doing the service calls.
I really thought that most of it would be running ok on IE7 by now... Especially now that XP SP3 includes it, as does Vista... But a lot of it still doesn't work right. Some of these companies were nice enough to send out warnings not to install IE7... Some of them let us discover the problem on our own...
But the end result is that many of our clients are still running IE6.
Why does this crap keep getting modded 'Insightful'? Presumably it's by fellow armchair economists who agree that the atomic composition of the Earth responds to supply and demand. Retards.
It's certainly true that these metals are not going to spontaneously appear just because they're expensive. There is a finite amount of copper in the world. Economics will not magically produce more. But economics will spur people to make more copper available.
The more you can sell copper for, the more money you can put in to getting the copper in the first place. Mines that didn't produce pure enough ore to be profitable at $10/pound do just fine at $100/pound. People start recycling. Alternatives are found.
In the GP's example, if additional sources of copper had not been found AT&T could have replaced all their copper with fiber and possibly even made money on the switchover.
Just as these elements are not going to magically appear because people want them, they also are not magically disappearing. We aren't transmuting them into gold. We aren't even shooting much of it into space. It's still here, on Earth, available for use.
At the moment it is apparently cheaper to mine new metals than it is to recover the old ones. As economics change, we'll start recovering the old ones and mining in new places. We aren't actually going to run out of these metals unless we literally build so many gadgets that all the copper/hafnium/whatever is currently in use.
Or they could just grab any flavor of BSD, close it, build a Win32 subsystem on top of it and sell it as Windows 8.
This is really what I think needs to happen for Windows to remain a viable product. There is a reason why there are so many variations on Unix out there - it works. Look at the success that Apple had with bolting a pretty GUI on top of a Unix-y kernel. And WINE does a good job of implementing win32 already. If Microsoft wanted to they could very easily accomplish something similar to Apple's transition to OSX.
But what happens when things don't work right?
What if you want to play your single-player game on an airplane? Or a road trip somewhere? What if you're visiting relatives for the holidays and they have no Internet? What if your ISP craps out? What if your router dies? What if LGP's servers go down? What if you uninstall their game for a few months/years and then want to go back and play it again, but you don't remember your username and password?
There are plenty of scenarios where this fairly benign copy protection breaks down and renders the game that you legitimately paid for useless. Which makes the cracked version superior to the legitimate version - because it'll work pretty much anywhere.
And if you've got to crack the software in order to play it on an airplane, or at your parents' house, or when your ISP craps out, or whatever... You're already breaking the EULA/DMCA... Technically what you're doing is already illegal... So why not dive right in and pirate the thing from the start? In for a penny, in for a pound, right?
Of course it'd be better to support the developers... You want to pay them so they can go on to make more games in the future. But do you really want to support the decision to implement copy protection? Do you really want to hand them money so they can go cripple more software, so that you have to crack their next release too?
Maybe it'd send a clear message to the developers that folks don't like copy protection if they actually sold fewer copies than without the copy protection. The assumption, of course, is that they'll sell more - since it'll be harder to illegally copy the software. But if they actually sold less I wonder if anyone would get the hint? Or if they'd just use more invasive methods in the future...
I'm busy enough keeping our systems running and taking care of whatever issues our clients come up with. I don't have time to go snooping around for the fun of it.
If you have an unsecured access point anybody can connect to it with nearly-zero effort. Certain versions of Windows would connect automatically without even prompting you. Other versions warn that it might be unsafe to connect to an open access point, but say nothing about whether you actually have permission to use it or not.
If I'm sitting in my car in a parking lot, and turn on my laptop, I cannot tell the difference between an AP that was intentionally left unsecured for public use and one that was accidentally left unsecured because somebody didn't know what they were doing. They both show up as unsecured. Sure, I guess an SSID like "FreeInternet" or "PrivateNetwork" might be a hint... But entirely too many people - even those that intentionally set up a secure network - leave the SSID as "Netgear" or "Linksys".
What am I supposed to do...just start knocking on doors until I find out who owns the AP and ask if I can use it?
And what if two people both have unsecured Linksys APs with the SSID of "Linksys"...but one did it on purpose so others can get free Internet, and one just didn't know any better. And I get explicit, written permission from the first guy to connect to his AP. But I can't tell the difference between them because they're both called "Linksys" and I wind up connected to the wrong one?
This isn't a real-world situation where you can actually see physical boundaries, walls, doors, signs. This isn't a case of knowingly entering somebody else's house just because they didn't lock the front door.
This is more like a case of finding a nice little plot of green grass with a fountain in the middle of it... That looks just like the public park up the street... And has absolutely no signs indicating whether it is private property or not... And when you stop there to get a drink from the fountain some guy shows up and yells at you for trespassing and stealing his water.
It isn't that hard to secure your wireless these days. Just about any AP makes it trivially easy to pick a unique SSID and some kind of encryption. It'll only take a few minutes of your time. And if you can't be bothered to encrypt your network, you really can't expect any kind of privacy on it. Random strangers will connect to it.
Of course, actively bypassing encryption is a crime. That goes without saying. It doesn't really matter how broken WEP is or how easy it is to crack... If you're actually cracking it you're going beyond what you've been granted.
But if it's unencrypted... Everyone's been granted full access.
Lately there've been a good number of problems with compatibility between 2007 and everyone else... Not everyone has the compatibility pack installed on their machine and folks with 2007 keep forgetting to save as an older version. But that's just lately...
I've also had plenty of issues over the years with people running identical versions of Office. Maybe someone uses a weird font that nobody else has and it shows up weird on everyone else's computer. Or they'll save as HTML for some reason, but not include any of the pictures when they distribute it. Or maybe somebody's weird macro is blocked by somebody else's security settings. Or perhaps Office just decides to act weird one day for absolutely no good reason.
If I had to guess... I'd say I'm dealing with at least one Microsoft Office oddity a week, and that's not including all the 2007 fun we've been having lately.
Sure, some of them are. I guarantee you there's some people in Gitmo who did some absolutely horrible things and truly deserve to be there. And they deserve to rot away in prison or even face the death penalty if it is applicable.
But there are a lot of people being held in Gitmo under nothing more than suspicion. And until now they had no right to habeas corpus, which meant they could rot there for years and years with no recourse at all.
A couple honest questions...
1) Why do I see so much about wiretapping/bugging VoIP lately? I guess I've always assumed that VoIP was just as vulnerable to bugging as POTS - maybe even more so. Was I wrong? Was VoIP previously un-buggable and this just recently changed? Or is it just because VoIP is the new, cool thing?
2) Why would anyone think that compressed VoIP would be any more or less secure than uncompressed? As we can see, there's still patterns to be found. Wouldn't it make more sense to encrypt the data if you were worried about privacy? And since it's IP traffic, shouldn't encrypting it be relatively easy? Wouldn't a decent VPN pretty much take care of it?
After a couple absolutely lousy server installs I've started questioning everything. And regardless of what the vendor/support people tell me, I prepare for the worst. As a result, I hardly ever run into unexpected issues and usually get things done in far less time than I've allotted.
I don't think you can really teach someone to be skeptical... Sure, you can tell them repeatedly to keep asking questions and doubt answers, but I don't think it really sinks in until you've had a solid personal experience.
This sort of issue wouldn't survive for a week on Linux. If you read the original story, which this one is an update to, then you'll see that there are no bugs - only features.
Apple intentionally disabled DTrace on some software.
You can actually take a look at Apple's DTrace source.
1) Accidentally listed innocent sites. Some place like Whore Presents getting listed as pornography when it isn't.
2) Intentionally mis-listed sites. Somebody will claim that The Pirate Bay has child pornography on it (which it may) just to keep people from downloading cracked copies of Spore.
3) They're easy enough to bypass. There are plenty of free proxies out there that'll happily slap some advertising on your screen and then serve up whatever page your ISP doesn't want you to see. Or you could tunnel your traffic elsewhere to avoid the filter lists.
These blocklists will be enough to stop some people from accidentally stumbling upon child porn... Maybe stop some very casual attempts to intentionally view child porn... But nothing more. They won't actually put a dent in folks who are genuinely trafficking in real, illegal child pornography. They're already well aware of what they're doing, and that it's illegal, and they're already going to some effort to find the material. Making them use an additional proxy or VPN isn't going to accomplish a whole lot.
Without control by government busy-bodies you'd have companies using sawdust as filler in their sausages... Pressing chalk dust into tablets and calling it "aspirin"... Paying children $1/day to work in hazardous conditions... You get the idea.
And without control by government busy-bodies, as we're seeing now, companies will sell you 20 GB/month and call it "unlimited".
Hmmm... Does anybody make space combat sims anymore? I can't think of any in recent history...
We, obviously, recommend Dell to pretty much all our clients. The failure rate for individual machines and components is about what I'd expect from any manufacturer.
Their technical support is generally OK for the business-grade stuff (like your GOLD support) and crap for home customers. But I won't rave about it.
I've been on the phone with absolute morons entirely too many times. I've had printer techs who couldn't take a printer apart. I've had server technicians who couldn't handle basic terminology. I had hours and hours of sitting on the phone with OptiPlex capacitor problems trying to convince them to just fricking replace the motherboard like they claimed they were doing on their website. This is fricking GOLD corporate support here! I'm glad they got nailed, they richly deserved it.
The problem is that Dell's on-site tech support is all outsourced to someone more local. We were, for a while, an authorized service center as well as reseller. We'd get the calls to go swap out somebody's motherboard or whatever. And I'll tell you right now that their testing/training does not qualify someone to actually work on their products. You really need the hands-on experience, which you don't get with their testing/training process.
We'd get sent out on calls to work on their printers because we were authorized and someone had taken the test... But we weren't given any special technical documentation. So we had no better idea where the parts were located inside any given printer than the end-user did.
Eventually it got too frustrating and we stopped doing the service calls.